source: fedd/federation/deter_impl.py @ bea19b7

Last change on this file since bea19b7 was c261c0f, checked in by Ted Faber <faber@…>, 12 years ago

Moving to new name and creating real federation connections

  • Property mode set to 100644
File size: 4.4 KB
[19cc408]1#!/usr/local/bin/python
2
[e2ff75d]3import sys
4
[3c6dbec]5import emulab_access
[23dec62]6import dragon_access
[9c2e4e1]7import protogeni_access
[175b444]8import deter_internal_access
[c261c0f]9import containers_access
[1819839]10import desktop_access
[7888aee]11import skeleton_access
[175b444]12
[ec4fb42]13from experiment_control import experiment_control_local
[5f6929a]14from ns2topdl import ns2topdl_local
[05191a6]15from util import read_simple_accessdb
[6bedbdba]16from deter import fedid
[19cc408]17
[73ded03]18from authorizer import authorizer, abac_authorizer
[3f6bc5f]19
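class deter_impl:
    """
    The implementation of access control based on mapping users to projects.

    Users can be mapped to existing projects or have projects created
    dynamically.  This implements both direct requests and proxies.

    An instance merges the SOAP and XMLRPC service tables of the components
    enabled by the configuration (access, experiment_control, ns2topdl) into
    self.soap_services and self.xmlrpc_services.
    """
    # Used by the SOAP caller
    soap_namespaces = ('http://www.isi.edu/fedd.wsdl',
            'http://www.isi.edu/fedd_internal.wsdl')

    # Characters accepted in each dotted component of a plugin access_type.
    # Spelled out so the check does not depend on the process locale.
    _module_name_chars = frozenset(
            'abcdefghijklmnopqrstuvwxyz'
            'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
            '0123456789_')

    def _plugin_access(self, name):
        """
        Import the module called name and return its access attribute.

        name comes straight from the configuration file, so it is checked
        to be a plain dotted module name before it reaches the import
        machinery.  The import is done with __import__ rather than by
        building a statement for exec, so a configured value can only ever
        name a module and cannot carry additional statements.

        Raises RuntimeError if name is not a dotted identifier and
        ImportError if the module cannot be imported or has no access
        attribute.
        """
        for part in name.split('.'):
            if not part or part[0].isdigit() or \
                    not self._module_name_chars.issuperset(part):
                raise RuntimeError(
                        "Unknown access_type: %s (not a valid module name)" \
                                % name)

        # A non-empty fromlist makes __import__ return the named module
        # itself rather than the top-level package of a dotted name.
        module = __import__(name, globals(), locals(), ['access'])
        try:
            return module.access
        except AttributeError:
            # Keep the failure mode of "from <name> import access".
            raise ImportError("cannot import name access")

    def __init__(self, config=None):
        """
        Initializer.  Uses the parsed configuration to create appropriate
        components.

        With no config only the empty service tables and self.auth = None
        are set up.  Otherwise the "globals" section selects the authorizer
        (auth_type) and the access module (access_type), and the presence of
        the "access", "experiment_control" and "ns2topdl" sections decides
        which components are created.

        Raises RuntimeError when ABAC authorization is requested without an
        auth_url or certificate file, when auth_type is not recognized, when
        the access database cannot be read, or when access_type does not name
        an importable access module.
        """
        self.soap_services = { }
        self.xmlrpc_services = { }
        self.auth = None

        if config:
            self.cert_file = config.get("globals", "cert_file")
            # NOTE(review): the certificate password is taken from the
            # configuration file, so that file's permissions protect the
            # private key -- confirm it is not world-readable in deployment.
            self.cert_pwd = config.get("globals", "cert_pwd")
            self.trusted_certs = config.get("globals", "trusted_certs")
            # The third argument appears to act as a default value here;
            # verify against the configuration class in use.
            self.access_type = config.get("globals", "access_type", "emulab")
            self.auth_type = config.get("globals", "auth_type", "legacy")

            # Extend the module search path for plugin access modules.
            # Empty components are skipped: "".split(":") yields [""], and
            # an empty sys.path entry means the current working directory,
            # which would otherwise become importable whenever module_path
            # is unset or contains a stray colon.
            for mp in config.get("globals", "module_path","").split(":"):
                if mp:
                    sys.path.append(mp)

            if self.auth_type == 'legacy':
                self.auth = authorizer()
            elif self.auth_type == 'abac':
                auth_url = config.get('globals', 'auth_url')
                if not auth_url:
                    raise RuntimeError("auth_url required for ABAC " + \
                            "authorization")
                if not self.cert_file:
                    raise RuntimeError("ABAC authorization needs a " +\
                            "certificate file")
                # The service's own identity is derived from its certificate.
                me = fedid(file=self.cert_file)
                self.auth = abac_authorizer(url=auth_url,
                        cert_file=self.cert_file, cert_pwd=self.cert_pwd,
                        trusted_certs=self.trusted_certs, me=me)
            else:
                raise RuntimeError("Unknown authorizer type %s" % \
                        self.auth_type)

            access_db = config.get("globals", "accessdb")

            if access_db:
                # Load the access database into the authorizer; I/O and
                # format errors are reported as RuntimeError.
                try:
                    read_simple_accessdb(access_db, self.auth)
                except EnvironmentError, e:
                    raise RuntimeError(
                            "Error reading accessDB %s: %s" % (access_db, e))
                except ValueError, e:
                    raise RuntimeError("%s" % e)

            if config.has_section("access"):
                # Access modules shipped with fedd, keyed by access_type.
                builtin_access = {
                        "emulab": emulab_access,
                        "dragon": dragon_access,
                        "protogeni": protogeni_access,
                        "deter_internal": deter_internal_access,
                        "containers": containers_access,
                        "desktop": desktop_access,
                        "skel": skeleton_access,
                    }
                module = builtin_access.get(self.access_type)
                if module is not None:
                    self.access = module.access(config, self.auth)
                else:
                    # Any other value names a plugin module that must
                    # provide an access class.
                    try:
                        plugin_access = self._plugin_access(self.access_type)
                        self.access = plugin_access(config, self.auth)
                    except ImportError, e:
                        raise RuntimeError(
                                "Unknown access_type: %s (import failed: %s)" \
                                        % (self.access_type, e))
                self.soap_services.update(self.access.soap_services)
                self.xmlrpc_services.update(self.access.xmlrpc_services)
            else:
                self.access = None

            if config.has_section("experiment_control"):
                self.experiment = \
                        experiment_control_local(config, self.auth)
                # Tell the experiment control where local access control is and
                # what testbeds it pertains to.
                if getattr(self, 'access', None):
                    for t in self.access.testbed:
                        self.experiment.local_access[t] = self.access

                self.soap_services.update(self.experiment.soap_services)
                self.xmlrpc_services.update(self.experiment.xmlrpc_services)
                self.get_handler = self.experiment.get_handler
            else:
                # Without experiment control, fall back to the access
                # component's get_handler if it has one.
                if self.access and getattr(self.access, 'get_handler', None):
                    self.get_handler = self.access.get_handler
                else:
                    self.get_handler = None

            if config.has_section("ns2topdl"):
                self.ns2topdl = ns2topdl_local(config, self.auth)
                self.soap_services.update(self.ns2topdl.soap_services)
                self.xmlrpc_services.update(self.ns2topdl.xmlrpc_services)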
[f4f4117]132
def new_feddservice(config):
    """
    Create the service implementation for this module: a deter_impl built
    from the given parsed configuration.
    """
    impl = deter_impl(config)
    return impl